CVE

macOS vulnerability allowed Keychain and iOS app decryption without a password

2025-09-04 at 15:41, by Mirko Zorz. Today at Nullcon Berlin, a researcher disclosed a macOS vulnerability that allowed attackers to read the memory of any process, even with System Integrity Protection (SIP) enabled. The issue, tracked as CVE-2025-24204, stems from Apple mistakenly granting the […]


Cutting through CVE noise with real-world threat signals

2025-09-04 at 09:02, by Sinisa Markovic. CISOs are dealing with an overload of vulnerability data. Each year brings tens of thousands of new CVEs, yet only a small fraction ever become weaponized. Teams often fall back on CVSS scores, which label thousands of flaws as “high” or


WinRAR zero day exploited by RomCom hackers in targeted attacks

2025-08-11 at 12:55, by Sinisa Markovic. ESET researchers have discovered a previously unknown vulnerability in WinRAR, exploited in the wild by Russia-aligned group RomCom. If you use WinRAR or related components such as the Windows versions of its command line tools, UnRAR.dll, or the portable


Why we must go beyond tooling and CVEs to illuminate security blind spots

2025-07-18 at 09:41, by Help Net Security. In April, the cybersecurity community held its breath as the Common Vulnerabilities and Exposures (CVE) program was plunged into a moment of existential crisis. In the end, an eleventh-hour reprieve saved the day. While CVEs


May 2025 Patch Tuesday forecast: Panic, change, and hope

2025-05-09 at 09:11, by Help Net Security. April was an event-filled month for cybersecurity. Patch Tuesday came to us quickly on April 8 – the earliest first Tuesday possible in a given month. We again saw large numbers of CVEs addressed with 84 in Windows 11


What a future without CVEs means for cyber defense

2025-05-06 at 11:31, by Help Net Security. The importance of the MITRE-run Common Vulnerabilities and Exposures (CVE) Program shouldn’t be understated. For 25 years, it has acted as the point of reference for cybersecurity professionals to understand and mitigate security flaws. By providing a standardized method


White House Proposal Slashes Half-Billion from CISA Budget

2025-05-05 at 18:31, by Ryan Naraine. The proposed $491 million cut is being positioned as a “refocusing” of CISA on its core mission “while eliminating weaponization and waste.” The post White House Proposal Slashes Half-Billion from CISA Budget appeared first on SecurityWeek. This article is an excerpt from


MITRE CVE Program Gets Last-Hour Funding Reprieve

2025-04-16 at 19:36, by Ryan Naraine. The US government’s cybersecurity agency CISA has “executed the option period on the contract” to keep the vulnerability catalog operational. The post MITRE CVE Program Gets Last-Hour Funding Reprieve appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original


Funding uncertainty may spell the end of MITRE’s CVE program

2025-04-16 at 14:56, by Zeljka Zorz. The future of the Common Vulnerabilities and Exposures (CVE) program hangs in the balance: MITRE, the not-for-profit US organization that runs it, could lose the US federal funding that helps them maintain it. But others have been waiting in


MITRE Warns CVE Program Faces Disruption Amid US Funding Uncertainty

2025-04-15 at 23:46, by Ryan Naraine. MITRE warns of a deterioration of national vulnerability databases and advisories, slowed vendor reaction and limited response operations. The post MITRE Warns CVE Program Faces Disruption Amid US Funding Uncertainty appeared first on SecurityWeek. This article is an excerpt


NIST Puts Pre-2018 CVEs on Back Burner as It Works to Clear Backlog

2025-04-07 at 14:02, by Ionut Arghire. NIST has marked pre-2018 CVEs in NVD as ‘Deferred’ and will no longer spend resources on enriching them. The post NIST Puts Pre-2018 CVEs on Back Burner as It Works to Clear Backlog appeared first on


Details Emerge on CVE Controversy Around Exploited CrushFTP Vulnerability 

2025-04-03 at 13:31, by Eduard Kovacs. Two CVEs now exist for an actively exploited CrushFTP vulnerability and much of the security industry is using the ‘wrong one’. The post Details Emerge on CVE Controversy Around Exploited CrushFTP Vulnerability appeared first on SecurityWeek. This article is an


Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825)

2025-04-01 at 18:49, by Zeljka Zorz. Exploitation attempts targeting the CVE-2025-2825 vulnerability on internet-facing CrushFTP instances are happening, the Shadowserver Foundation has shared on Monday, and the attackers have been leveraging publicly available PoC exploit code. What can be done? CVE-2025-2825, affecting CrushFTP versions 10.0.0 through


NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD

2025-03-24 at 18:21, by Ryan Naraine. The effects of the backlog are already being felt in vulnerability management circles where NVD data promises an enriched source of truth. The post NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD appeared first on SecurityWeek. This


Dependency-Check: Open-source Software Composition Analysis (SCA) tool

2025-03-19 at 07:47, by Help Net Security. Dependency-Check is an open-source Software Composition Analysis (SCA) tool to identify publicly disclosed vulnerabilities within a project’s dependencies. The tool analyzes dependencies for Common Platform Enumeration (CPE) identifiers. When a match is found, the tool generates a report with links to


MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025-27364)

2025-02-28 at 17:03, by Zeljka Zorz. Users of the MITRE Caldera cyber security platform have been urged to plug a critical hole (CVE-2025-27364) that may allow unauthenticated attackers to achieve remote code execution. About MITRE Caldera MITRE Caldera is a platform built on the


5,000+ SonicWall firewalls still open to attack (CVE-2024-53704)

2025-01-27 at 17:20, by Zeljka Zorz. 5,000+ SonicWall firewalls are still vulnerable to attack via a high-severity vulnerability (CVE-2024-53704) that, according to SonicWall, should be considered “at imminent risk of exploitation”. The warning came last week from Bishop Fox researchers, after they successfully exploited the vulnerability on


New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344)

2025-01-16 at 12:03, by Help Net Security. ESET researchers have identified a vulnerability (CVE-2024-7344) impacting most UEFI-based systems, which allows attackers to bypass UEFI Secure Boot. The issue was found in a UEFI application signed with Microsoft’s “Microsoft Corporation UEFI CA 2011” third-party certificate. Exploiting this vulnerability


BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356)

2024-12-18 at 11:48, by Zeljka Zorz. BeyondTrust has fixed an unauthenticated command injection vulnerability (CVE-2024-12356) in its Privileged Remote Access (PRA) and Remote Support (RS) products that may allow remote code execution, and is urging organizations with on-premise installations to test the patch and implement


BadRAM: $10 hack unlocks AMD encrypted memory

2024-12-11 at 13:16, by Mirko Zorz. Cybersecurity researchers have identified a vulnerability (CVE-2024-21944, aka BadRAM) affecting AMD processors that can be triggered by rogue memory modules to unlock the chips’ encrypted memory. The SPD chip can be modified using an off-the-shelf microcontroller. The researchers used a Raspberry Pi
